General
-
Target
6bf78fb5daeea1a2aa4ccf62c0edef6f_JaffaCakes118
-
Size
153KB
-
Sample
240523-xq6dzscf8z
-
MD5
6bf78fb5daeea1a2aa4ccf62c0edef6f
-
SHA1
146dd27a7fa77acbc5ae34e1f5b63b962b952853
-
SHA256
200e1304647c5e9be528e8e92de3edb9c642411e59c5562c21eeb086303878cf
-
SHA512
b9eb1e17e1bb36b3bcbdadc414a9683f7a228fd63ebe5cfe6b0caa09386ae37b4b883f57c19cf7df32fe1e215734e48fcccba24ab74f91486ae2e4ebc0c7a5dc
-
SSDEEP
3072:8YucvDoYsNvCle0IlkN8DJAUJn0O3nuyuIfNpTh:9D1ICCaO3uAp
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
6bf78fb5daeea1a2aa4ccf62c0edef6f_JaffaCakes118
-
Size
153KB
-
MD5
6bf78fb5daeea1a2aa4ccf62c0edef6f
-
SHA1
146dd27a7fa77acbc5ae34e1f5b63b962b952853
-
SHA256
200e1304647c5e9be528e8e92de3edb9c642411e59c5562c21eeb086303878cf
-
SHA512
b9eb1e17e1bb36b3bcbdadc414a9683f7a228fd63ebe5cfe6b0caa09386ae37b4b883f57c19cf7df32fe1e215734e48fcccba24ab74f91486ae2e4ebc0c7a5dc
-
SSDEEP
3072:8YucvDoYsNvCle0IlkN8DJAUJn0O3nuyuIfNpTh:9D1ICCaO3uAp
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1